
Exam AWS Certified Security - Specialty topic 1 question 201 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 201
Topic #: 1

A company manages multiple AWS accounts using AWS Organizations. The company's security team notices that some member accounts are not sending AWS CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured for all existing accounts and for any account that is created in the future.
Which set of actions should the security team implement to accomplish this?

  • A. Create a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge (Amazon CloudWatch Events) to send notification if a trail is deleted or stopped.
  • B. Deploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed.
  • C. Edit the existing trail in the Organizations master account and apply it to the organization.
  • D. Create an SCP to deny the cloudtrail:Delete* and cloudtrail:Stop* actions. Apply the SCP to all accounts.
Suggested Answer: C
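The following is an added example, not code from the ExamTopics page or from AWS. It covers the two halves of the question: a detection that finds member accounts with no active trail shipping to the central bucket (the condition the security team noticed), and the organization-trail creation that answer C relies on, with the SCP from option D shown as a complement rather than a substitute. The bucket name, account IDs, trail names and the `SecurityAdmin` break-glass role are assumptions, and `FakeCloudTrail` is a constructed stand-in for the boto3 CloudTrail client (`describe_trails`, `get_trail_status`, `create_trail`, `start_logging` are real boto3 calls with these parameter names) so that the module runs offline.

```python
"""Added example: audit accounts for a trail to the central bucket, create an
organization trail, and express a tamper-guard SCP. Names and IDs are made up."""
import fnmatch
import json
from typing import Any, Dict, List

CENTRAL_BUCKET = "example-org-cloudtrail-logs"  # assumed central logging bucket


def account_has_central_trail(cloudtrail: Any, central_bucket: str) -> bool:
    """True if at least one trail in this account is actively logging to
    central_bucket. A trail pointed at the right bucket but stopped with
    StopLogging does not count."""
    for trail in cloudtrail.describe_trails(includeShadowTrails=True)["trailList"]:
        if trail.get("S3BucketName") != central_bucket:
            continue
        if cloudtrail.get_trail_status(Name=trail["TrailARN"]).get("IsLogging"):
            return True
    return False


def accounts_missing_central_trail(accounts: Dict[str, Any], central_bucket: str) -> List[str]:
    """accounts maps account ID -> CloudTrail client for that account (in practice
    obtained by assuming a role in each member account; that step is out of scope)."""
    return sorted(acct for acct, client in accounts.items()
                  if not account_has_central_trail(client, central_bucket))


def create_organization_trail(cloudtrail: Any, name: str, central_bucket: str) -> str:
    """Run once in the Organizations management account. IsOrganizationTrail=True
    makes CloudTrail create the trail in every current and future member account,
    and member principals cannot delete, stop or edit it. Trails created through
    the API start in the stopped state, so StartLogging is required."""
    trail = cloudtrail.create_trail(Name=name, S3BucketName=central_bucket,
                                    IsMultiRegionTrail=True, IsOrganizationTrail=True,
                                    EnableLogFileValidation=True)
    cloudtrail.start_logging(Name=trail["TrailARN"])
    return trail["TrailARN"]


# Option D as a complement to C: the organization trail protects itself, but an
# SCP is still what stops members from tampering with trails they created.
# The SecurityAdmin role exemption is an assumed break-glass path.
TAMPER_GUARD_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyCloudTrailTampering",
        "Effect": "Deny",
        "Action": ["cloudtrail:DeleteTrail", "cloudtrail:StopLogging",
                   "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"],
        "Resource": "*",
        "Condition": {"ArnNotLike": {"aws:PrincipalARN": "arn:aws:iam::*:role/SecurityAdmin"}},
    }],
}


def scp_denies(action: str, principal_arn: str) -> bool:
    """Minimal evaluation of TAMPER_GUARD_SCP alone for one action/principal pair
    (ignores other policies in the chain; enough to sanity-check the exemption)."""
    stmt = TAMPER_GUARD_SCP["Statement"][0]
    exempt = stmt["Condition"]["ArnNotLike"]["aws:PrincipalARN"]
    if fnmatch.fnmatchcase(principal_arn, exempt):
        return False
    return any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"])


class FakeCloudTrail:
    """Constructed stand-in for boto3's CloudTrail client (only the calls used above)."""
    def __init__(self, account_id: str, trails: List[Dict[str, Any]]):
        self.account_id, self._trails = account_id, trails

    def describe_trails(self, **_kw):
        return {"trailList": [{k: v for k, v in t.items() if k != "IsLogging"} for t in self._trails]}

    def get_trail_status(self, Name: str):
        return {"IsLogging": next(t["IsLogging"] for t in self._trails if t["TrailARN"] == Name)}

    def create_trail(self, **kw):
        arn = f"arn:aws:cloudtrail:us-east-1:{self.account_id}:trail/{kw['Name']}"
        self._trails.append({**kw, "TrailARN": arn, "IsLogging": False})
        return {**kw, "TrailARN": arn}

    def start_logging(self, Name: str):
        for t in self._trails:
            if t["TrailARN"] == Name:
                t["IsLogging"] = True


def sample_accounts() -> Dict[str, FakeCloudTrail]:
    """Constructed data: one compliant account, three non-compliant in different ways."""
    def trail(acct, name, bucket, logging):
        return {"Name": name, "S3BucketName": bucket, "IsLogging": logging,
                "TrailARN": f"arn:aws:cloudtrail:us-east-1:{acct}:trail/{name}"}
    return {
        "111111111111": FakeCloudTrail("111111111111", [trail("111111111111", "central", CENTRAL_BUCKET, True)]),
        "222222222222": FakeCloudTrail("222222222222", [trail("222222222222", "local", "other-bucket", True)]),
        "333333333333": FakeCloudTrail("333333333333", [trail("333333333333", "central", CENTRAL_BUCKET, False)]),
        "444444444444": FakeCloudTrail("444444444444", []),
    }


if __name__ == "__main__":
    print("missing:", accounts_missing_central_trail(sample_accounts(), CENTRAL_BUCKET))
    mgmt = FakeCloudTrail("999999999999", [])
    print("created:", create_organization_trail(mgmt, "org-trail", CENTRAL_BUCKET))
    print(json.dumps(TAMPER_GUARD_SCP, indent=2))
```

The audit deliberately treats a stopped trail and a trail pointed at the wrong bucket the same as no trail at all, which is why option A's alert-on-delete approach is weaker than C: it reports the gap after the fact, while the organization trail removes the member's ability to create the gap.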

Comments

AlexWong
Highly Voted 3 years, 8 months ago
C. Users in member accounts will not have sufficient permissions to delete the organization trail, turn logging on or off, change what types of events are logged, or otherwise alter the organization trail in any way. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html
upvoted 25 times
DahMac
3 years, 8 months ago
When you create an organization trail, a trail with the name that you give it will be created in every AWS account that belongs to your organization. Users with CloudTrail permissions in member accounts will be able to see this trail when they log into the AWS CloudTrail console from their AWS accounts, or when they run AWS CLI commands such as describe-trail. However, users in member accounts will not have sufficient permissions to delete the organization trail, turn logging on or off, change what types of events are logged, or otherwise alter the organization trail in any way.
upvoted 4 times
DahMac
3 years, 8 months ago
Not A, because an event to notify when CT is deleted or stopped can't work if CT is deleted or stopped. Also, members can not modify the OU CT.
upvoted 1 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
C is the correct answer. As mentioned before, member accounts will not be able to delete organization trail. Organization trail will apply to all new member accounts as well.
upvoted 1 times
ITGURU51
2 years, 2 months ago
If you have created an organization in AWS Organizations, you can create a trail that logs all events for all AWS accounts in that organization. This is sometimes called an organization trail. C
upvoted 2 times
jishrajesh
2 years, 6 months ago
C is correct
upvoted 1 times
dcasabona
2 years, 11 months ago
Selected Answer: C
I go for C as well.
upvoted 1 times
cloudchica
3 years, 3 months ago
Why not D? "We recommend using service control policies (SCPs) to prevent any tampering with CloudTrail." https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-re-enable-aws-cloudtrail-by-using-a-custom-remediation-rule-in-aws-config.html
upvoted 1 times
trongod05
3 years ago
Because the question is related to establishing a trail, not keeping it from being tampered with. "The security team want to verify that at least one trace is set for all current accounts as well as any future accounts established." Meaning where can you control this centrally and have it cascade down to other accounts. Organizations.
upvoted 4 times
Radhaghosh
3 years, 5 months ago
C is best for the below line "The security team want to verify that at least one trace is set for all current accounts as well as any future accounts established."
upvoted 1 times
kiev
3 years, 8 months ago
C is perfect
upvoted 2 times
Hudda
3 years, 8 months ago
Thank you so much.
upvoted 3 times
cldy
3 years, 9 months ago
C. Correct
upvoted 2 times
Hudda
3 years, 9 months ago
C final answer friends, pls confirm.
upvoted 2 times
DayQuil
3 years, 9 months ago
Answer is C. Create a trail for the entire Organization.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other